63

7C

77

7B

F2

6B

6F

C5

30

01

67

2B

FE

D7

AB

76

CA

82

C9

7D

FA

59

47

F0

AD

D4

A2

AF

9C

A4

72

C0

B7

FD

93

26

36

3F

F7

CC

34

A5

E5

F1

71

D8

31

15

04

C7

23

C3

18

96

05

9A

07

12

80

E2

EB

27

B2

75

09

83

2C

1A

1B

6E

5A

A0

52

3B

D6

B3

29

E3

2F

84

53

D1

00

ED

20

FC

B1

5B

6A

CB

BE

39

4A

4C

58

CF

D0

EF

AA

FB

43

4D

33

85

45

F9

02

7F

50

3C

9F

A8

51

A3

40

8F

92

9D

38

F5

BC

B6

DA

21

10

FF

F3

D2

CD

0C

13

EC

5F

97

44

17

C4

A7

7E

3D

64

5D

19

73

60

81

4F

DC

22

2A

90

88

46

EE

B8

14

DE

5E

0B

DB

E0

32

3A

0A

49

06

24

5C

C2

D3

AC

62

91

95

E4

79

E7

C8

37

6D

8D

D5

4E

A9

6C

56

F4

EA

65

7A

AE

08

BA

78

25

2E

1C

A6

B4

C6

E8

DD

74

1F

4B

BD

8B

8A

70

3E

B5

66

48

03

F6

0E

61

35

57

B9

86

C1

1D

9E

E1

F8

98

11

69

D9

8E

94

9B

1E

87

E9

CE

55

28

DF

8C

A1

89

0D

BF

E6

42

68

41

99

2D

0F

B0

54

BB

16

  Reference Values Zero Value Initialization Vector   Zero IV Key     Reference Key Zero Key Result

Messages

X

The cryptolator supports 3 blocks of data as input for the encryption or decryption. Each block is 16 byte long. The data must be input in hexadecimal notation. 0..9 and A..F are valid. Initially the fields are preset to 00.

It is not rquired to enter data in all 3 blocks, except whenyou show the selfsynchronization effect in CBC mode.

The reference data are usefull when you programed your own encryption engine and you want to verify the correct operation. The reference data are part of the orininal NIST publication FIPS-197.

For a complete test more data must be used. For example the NIST reference data in ECB mode do not detect certain modifications to the S-Boxes. Try it by yourself. Load the standard AES box and modify it by swapping the values 2B and 16. Hint: 2B is second last in row 16 is the last byte in the last row. The encrypted result is the same with and without this modification. With 14 encryption round as implemented in the AES-256 it is not always guaranteed that all bytes of the S-Box are used. This is no weakness of the algorithm.

The initialization vector often named IV is only used in CBC mode. In that mode the input data are first xored with the IV before they are feed into the algorithm. Then the output of the first block is used to xor the input of the second block, and so on. The effect of the CBC mode is that all following encrypted data are effected and look different when a single bit is changed. In many CE-Infosys systems is an additional block added in front of the original data. This block is random choosen and provides this hiding effect. In such a case the IV of 0 is used. If the same data are encrypted twice with the same they look completely different because of the CBC mode.

The key used for all CE-Infosys products including the Cryptolator is 256 bit long. The key is input as 2 16 byte long hexadecimal values. Again you can click on a button to use the NIST reference values or a 00 value. Try what happens to the encryption result when you change a single key bit.

The encrypted or decrypted result is displayed here as 3 blocks of 16 byte long hexadecimal values.

The buttons do what they say. Output to input places the data from the 3 output blocks back to the input blocks. Try to encrypt 3 blocks in ECB mode, use any data and any key and observe the output. Click Output to Input and press decrypt ECB mode. The original data appear in the output blocks.

When you click any of the encryption or decryption button, the data, the key, the IV and your S-Box are sent to the server and processed at the server. Afterwards the result is sent back to your browser to update the output fields.

A brief explanation what you can do with the Cryptolator and how it works

The Cryptolator encrypts and decrypts blocks of data. Each block is 16 byte long. You can define the input data, the key and for CBC mode also the Initialization Vector. A total of 3 blocks can be input at a time, but the Cryptolator works also with a single block or two. Three blocks are needed to see some special effects with CBC mode. You can encrypt or decrypt the input data. When you transfer after an encryption the result to the input fields and decrypt now, the original input appears as result.

Try this: Encrypt a block of reference data using any key and any IV in CBC mode. Transfer the result to the input. Now change a singe byte of this input in the first block only. This means at a single position the data are a little manipulated. Now decrypt using CBC mode again. Of course you have to use the same key and the same IV as used for the encryption. See the result. The first block is totally damaged, the second block is only wrong at the position where you changed the input byte and the third block is correct. If there were more blocks all the following blocks would be correct. This is called the self-synchronizing effect of a CBC block cipher. Meaning, if you transmit a message and the receiver knows only the key but not the IV he can still use the message if you make the message at the front two blocks longer. These two blocks must not contain any meaningful data, they could be filled with random or with zeros. Using random, either as IV or as filling blocks has the effect that two identical messages encrypted with the same key look totally different (all blocks) each time. This is a nice hiding effect.

The AES algorithm uses a S-Box as non linear element in the algorithm. This S-Box can be manipulated in order to see the effect of the box on the encryption. You can use the standard AES box, a random generated AES box or define one by yourself. There are 256! different boxes possible. This is a decimal number with 506 digits.  

NIST provides the detailed AES standard FIPS197

PS.: The next version of the Cryptolator will provide functions to test some quality parameters on the S-Boxes.

> top <